CN102413467B - A kind of SRVCC switching handling methods, device and its terminal - Google Patents


Info

Publication number
CN102413467B
Authority
CN
China
Prior art keywords
authentication parameter
domain
srvcc
standards
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110387451.1A
Other languages
Chinese (zh)
Other versions
CN102413467A (en)
Inventor
陈扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201110387451.1A priority Critical patent/CN102413467B/en
Publication of CN102413467A publication Critical patent/CN102413467A/en
Priority to EP12852719.9A priority patent/EP2787753B1/en
Priority to US14/368,328 priority patent/US9445265B2/en
Priority to PCT/CN2012/077940 priority patent/WO2013078858A1/en
Application granted granted Critical
Publication of CN102413467B publication Critical patent/CN102413467B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0872 Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W12/041 Key generation or derivation
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W12/08 Access security
    • H04W12/106 Packet or message integrity
    • H04W36/00226 Control or signalling for completing the hand-off for data sessions of end-to-end connection for transferring data sessions between adjacent core network technologies between packet switched [PS] and circuit switched [CS] network technologies, e.g. circuit switched fallback [CSFB] wherein the core network technologies comprise IP multimedia system [IMS], e.g. single radio voice call continuity [SRVCC]
    • H04W36/14 Reselecting a network or an air interface
    • H04W74/008 Transmission of channel access control information with additional processing of random access related information at receiving side
    • H04L2209/80 Wireless
    • H04W36/0022 Control or signalling for completing the hand-off for data sessions of end-to-end connection for transferring data sessions between adjacent core network technologies
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H04W84/042 Public Land Mobile systems, e.g. cellular systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an SRVCC switching processing method, a device and a terminal. With the technical scheme provided by the invention, two sets of authentication parameters can be kept during SRVCC switching: one set is stored in the card and the other in a temporary data area. A switching variable controls which set is accessed, so the user of the parameters does not need to consider which data area is in use. Only after SRVCC switching has succeeded or failed is it decided whether to write the authentication parameters in the temporary data area into the card. Compared with calculating the parameters and writing them into the card directly once SRVCC switching starts, updating is more flexible and signalling interaction with the network can be reduced.

Description

An SRVCC switching processing method, device and terminal
Technical field
The present invention relates to the field of communications, and in particular to an SRVCC (Single Radio Voice Call Continuity) switching processing method, device and terminal.
Background
With the continuing development of communication technology, a technique has emerged for switching a voice service in the PS (data) domain to a voice service in the CS (circuit) domain. This technique is SRVCC switching. SRVCC switching covers four cases: switching within a single TD system, TD to GSM switching, LTE to TD switching, and LTE to GSM switching. In a multimode system, applying this technique can greatly improve the user experience.
The SRVCC switching process is summarised below, taking LTE to TD SRVCC switching as an example.
Suppose the terminal's current standard is LTE and it initiates a PS-domain voice service. After the PS-domain voice service has been set up, and while the call is in progress, the network side decides to perform a voice call continuity switch because of signal quality. When the network side has completed the resource switch, it notifies the terminal to switch the current standard to TD. After the switch completes, the terminal can continue the current voice service under TD. In this process, a PS-domain voice service that is still in progress can also be switched to TD.
Because the voice service in the original standard may be encrypted or integrity protected, the original authentication parameters have to be mapped to the new target standard so that the voice service can continue smoothly after the switch. This raises several questions: whether the authentication parameters need to be converted at all, when the conversion should start, when the result should be saved to the card, and how the authentication parameters should be handled after an SRVCC failure. At present, no prior art that solves these problems has been disclosed.
Summary of the invention
The invention provides an SRVCC switching processing method, device and terminal for handling authentication parameters during SRVCC switching, so that SRVCC switching can complete smoothly and services are not affected whether the switch succeeds or fails.
To achieve this purpose, the invention uses the following technical scheme:
An SRVCC switching processing method, including:
After obtaining the SRVCC switching command sent by the network side, the terminal judges whether the PS-domain voice service of the current standard is encrypted and integrity protected; if so, it converts the PS-domain authentication parameters of the current standard into the CS-domain authentication parameters and PS-domain authentication parameters of the target standard;
The CS-domain authentication parameters and PS-domain authentication parameters of the target standard are stored in a temporary data area that both the non-access stratum NAS (Non-Access Stratum) and the access stratum AS (Access Stratum) can access, and a switching variable is set to the temporary data area;
If the terminal judges that SRVCC switching has succeeded, NAS writes the CS-domain authentication parameters and PS-domain authentication parameters of the target standard from the temporary data area into the card, and sets the switching variable to read from the card.
Preferably, when SRVCC switching is from the current LTE standard to the TD or GSM standard, the method of converting the PS-domain authentication parameters of the current LTE standard into the CS-domain authentication parameters and PS-domain authentication parameters of the TD or GSM standard includes:
Reading the card to obtain the LTE key KASME (Key of the Access Security Management Entity), the downlink NAS COUNT value, which counts NAS messages between the MME and the terminal, and the LTE security key identifier eKsi (Key Set Identifier for E-UTRAN);
Calculating the UMTS integrity protection key IK (UMTS integrity key) and the UMTS encryption key Ck (UMTS ciphering key);
Calculating the 64-bit GSM encryption key Kc (GSM ciphering key) from the calculated IK and Ck;
Calculating the 128-bit Kc from the calculated IK and Ck;
Setting NewFlag, which indicates whether the key is a new key, to invalid;
Setting the UMTS security key identifier CKSN (ciphering key sequence number) and the GSM security key identifier KSI to the LTE security key identifier eKsi.
Preferably, when SRVCC switching is from the current TD standard to the TD or GSM standard, the method of converting the PS-domain authentication parameters of the current TD standard into the CS-domain authentication parameters and PS-domain authentication parameters of the TD or GSM standard includes:
Calculating IK and Ck;
Calculating the 64-bit Kc from the calculated IK and Ck;
Calculating the 128-bit Kc from the calculated IK and Ck;
Setting NewFlag to invalid;
Setting CKSN and KSI to the KSI of the PS domain.
An SRVCC switching processing device, including:
An SRVCC switching command acquisition module, for obtaining the SRVCC switching command sent by the network side;
An authentication parameter conversion module, for judging whether the PS-domain voice service of the current standard is encrypted and integrity protected and, if so, converting the PS-domain authentication parameters of the current standard into the CS-domain authentication parameters and PS-domain authentication parameters of the target standard;
An authentication parameter processing module, for storing the CS-domain authentication parameters and PS-domain authentication parameters of the target standard in a temporary data area that both NAS and AS can access, and setting a switching variable to the temporary data area;
An authentication parameter writing module, for writing the CS-domain authentication parameters and PS-domain authentication parameters of the target standard from the temporary data area into the card when the terminal has successfully performed SRVCC switching, and setting the switching variable to read from the card.
Preferably, when SRVCC switching is from the current LTE standard to the TD or GSM standard, the method by which the authentication parameter processing module converts the PS-domain authentication parameters of the current LTE standard into the CS-domain authentication parameters and PS-domain authentication parameters of the TD or GSM standard includes:
Reading the card to obtain the LTE KASME, the NAS downlink COUNT value and eKsi;
Calculating IK and Ck;
Calculating the 64-bit Kc from the calculated IK and Ck;
Calculating the 128-bit Kc from the calculated IK and Ck;
Setting NewFlag to invalid;
Setting CKSN and KSI to eKsi.
Preferably, when SRVCC switching is from the current TD standard to the TD or GSM standard, the method by which the authentication parameter processing module converts the PS-domain authentication parameters of the current TD standard into the CS-domain authentication parameters and PS-domain authentication parameters of the TD or GSM standard includes:
Calculating IK and Ck;
Calculating the 64-bit Kc from the calculated IK and Ck;
Calculating the 128-bit Kc from the calculated IK and Ck;
Setting NewFlag to invalid;
Setting CKSN and KSI to the KSI of the PS domain.
A terminal, including an SRVCC switching processing device, the device including:
An SRVCC switching command acquisition module, for obtaining the SRVCC switching command sent by the network side;
An authentication parameter conversion module, for judging whether the PS-domain voice service of the current standard is encrypted and integrity protected and, if so, converting the PS-domain authentication parameters of the current standard into the CS-domain authentication parameters and PS-domain authentication parameters of the target standard;
An authentication parameter processing module, for storing the CS-domain authentication parameters and PS-domain authentication parameters of the target standard in a temporary data area that both NAS and AS can access, and setting a switching variable to the temporary data area;
An authentication parameter writing module, for writing the CS-domain authentication parameters and PS-domain authentication parameters of the target standard from the temporary data area into the card when the terminal has successfully performed SRVCC switching, and setting the switching variable to read from the card.
Preferably, when SRVCC switching is from the current LTE standard to the TD or GSM standard, the method by which the authentication parameter processing module converts the PS-domain authentication parameters of the current LTE standard into the CS-domain authentication parameters and PS-domain authentication parameters of the TD or GSM standard includes:
Reading the card to obtain the LTE KASME, the NAS downlink COUNT value and eKsi;
Calculating IK and Ck, using the formula derived key = HMAC-SHA-256(Key, S);
Calculating the 64-bit Kc from the calculated IK and Ck;
Calculating the 128-bit Kc from the calculated IK and Ck;
Setting NewFlag to invalid;
Setting CKSN and KSI to eKsi.
Preferably, when SRVCC switching is from the current TD standard to the TD or GSM standard, the method by which the authentication parameter processing module converts the PS-domain authentication parameters of the current TD standard into the CS-domain authentication parameters and PS-domain authentication parameters of the TD or GSM standard includes:
Calculating IK and Ck;
Calculating the 64-bit Kc from the calculated IK and Ck;
Calculating the 128-bit Kc from the calculated IK and Ck;
Setting NewFlag to invalid;
Setting CKSN and KSI to the KSI of the PS domain.
As the above technical scheme shows, compared with the prior art, the technical scheme provided by the invention can keep two sets of authentication parameters during SRVCC switching: one set is stored in the card and the other in a temporary data area. A switching variable controls which set is accessed, so the user of the parameters does not need to consider which data area is in use. Only after SRVCC switching has succeeded or failed is it decided whether to write the authentication parameters in the temporary data area into the card. Compared with calculating the parameters and writing them into the card directly once SRVCC switching starts, updating is more flexible and signalling interaction with the network can be reduced.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the invention and form part of it. The schematic embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic flow chart of the SRVCC switching processing method provided by the invention;
Fig. 2 is a schematic flow chart of the SRVCC switching processing method provided by an embodiment of the invention;
Fig. 3 is a schematic structural diagram of the SRVCC switching processing device provided by the invention.
Detailed description
To make the technical problems to be solved, the technical solutions and the advantages clearer, the invention is described in further detail below with reference to the drawings and embodiments. The specific embodiments described here only explain the invention and are not intended to limit it.
As shown in Fig. 1, the SRVCC switching processing method provided by the invention comprises the following steps:
S101: after obtaining the SRVCC switching command sent by the network side, the terminal judges whether the PS-domain voice service of the current standard is encrypted and integrity protected; if so, it converts the PS-domain authentication parameters of the current standard into the CS-domain authentication parameters and PS-domain authentication parameters of the target standard;
S102: the CS-domain authentication parameters and PS-domain authentication parameters of the target standard are stored in a temporary data area that both NAS and AS can access, and a switching variable is set to the temporary data area;
S103: if the terminal judges that SRVCC switching has succeeded, NAS writes the CS-domain authentication parameters and PS-domain authentication parameters of the target standard from the temporary data area into the card, and sets the switching variable to read from the card.
In step S101, when SRVCC switching is performed, the current standard can be the LTE standard or the TD standard, and the target standard can be the TD or GSM standard. For example, when SRVCC switching is from the current LTE standard to the TD or GSM standard, the method of converting the PS-domain authentication parameters of the current LTE standard into the CS-domain authentication parameters and PS-domain authentication parameters of the TD or GSM standard includes:
(1) Read the card to obtain the LTE KASME, the NAS downlink COUNT value and eKsi;
(2) Calculate IK and Ck;
(3) Calculate the 64-bit Kc from the calculated IK and Ck;
(4) Calculate the 128-bit Kc from the calculated IK and Ck;
(5) Set NewFlag to invalid;
(6) Set CKSN and KSI to eKsi.
Alternatively, when SRVCC switching is from the current TD standard to the TD or GSM standard, the method of converting the PS-domain authentication parameters of the current TD standard into the CS-domain authentication parameters and PS-domain authentication parameters of the TD or GSM standard includes:
(1) Calculate IK and Ck;
(2) Calculate the 64-bit Kc from the calculated IK and Ck;
(3) Calculate the 128-bit Kc from the calculated IK and Ck;
(4) Set NewFlag to invalid;
(5) Set CKSN and KSI to the KSI of the PS domain.
Refer to Fig. 3, a schematic flow chart of the SRVCC switching processing method provided by an embodiment of the invention.
The encryption key and integrity protection key used during communication are calculated by the card and stored in the card, and are read from the card when encryption or integrity protection is needed. The SRVCC switching processing method provided by the embodiment of the invention includes the following steps.
First step: a PS-domain voice service may have no integrity protection if it is an emergency voice service. In that case, when the terminal performs SRVCC switching, no authentication parameters need to be calculated.
Second step: when the voice service in the current standard is encrypted and integrity protected, the PS-domain authentication parameters of the current standard have to be converted into the CS-domain and PS-domain authentication parameters of the target standard. The calculation is as follows.
In one case, SRVCC switching is from the LTE standard to the TD standard or GSM standard:
a) Read the card to obtain the LTE KASME, the NAS downlink COUNT value and eKsi. The downlink NAS COUNT value is the LTE counter of NAS messages between the MME and the terminal, and is used for integrity protection;
b) Calculate IK and Ck. The formula is derived key = HMAC-SHA-256(Key, S), see 3GPP 33.220 B.2; the input parameters follow 3GPP 33.401 A.12. HMAC-SHA-256 is a keyed hash algorithm whose parameters are K and S, and derived key is the key calculated by the algorithm. HMAC: Hash Message Authentication Code. SHA (Secure Hash Algorithm): a family of cryptographic hash functions designed by the U.S. National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST). For a detailed description of the algorithm see 3GPP 33.220 B.2; it is not repeated here. In the formula above:
S = FC || P0 || L0 || P1 || L1 || P2 || L2 || P3 || L3 || ... || Pn || Ln;
FC = 0x1A;
P0 = NAS downlink COUNT value;
L0 = length of NAS downlink COUNT value (i.e. 0x00 0x04);
K = KASME;
Derived key = CK || IK; the sizes of the input parameters are as described in 3GPP 33.401 A.12.
c) Calculate the 64-bit Kc from IK and Ck, using the c3 algorithm (33.102 6.8.1.2);
After IK and CK have been calculated in step b), the 64-bit Kc is calculated with the c3 algorithm, as described in 3GPP 33.102.
c3: Kc = CK1 xor CK2 xor IK1 xor IK2
CK = CK1 || CK2
IK = IK1 || IK2
where CK1, CK2, IK1 and IK2 are each 64 bits.
d) Calculate the 128-bit Kc from IK and Ck. The parameter settings follow 33.102 B.5 and the formula is derived key = HMAC-SHA-256(Key, S), see 33.220 B.2;
The 128-bit Kc is likewise calculated with HMAC-SHA-256, with parameters as described in 3GPP 33.102 B.5:
FC = 0x32;
K = CK || IK;
derived key = the 128-bit Kc;
no input parameters (Pi, Li).
e) Set NewFlag to invalid. NewFlag indicates whether the key is a new key and is used under the TD standard;
f) Set CKSN and KSI to eKsi;
In the other case, SRVCC switching is from the TD standard to the TD standard or GSM standard:
a) Calculate IK and Ck. The formula is derived key = HMAC-SHA-256(Key, S), see 33.220 B.2; the input parameters follow 33.102 B.3 (Nonce value and);
b) Calculate the 64-bit Kc from IK and Ck, using the c3 algorithm (33.102 6.8.1.2);
c) Calculate the 128-bit Kc from the calculated IK and Ck. The parameter settings follow 33.102 B.5 and the formula is derived key = HMAC-SHA-256(Key, S), see 33.220 B.2;
d) Set NewFlag to invalid;
e) Set CKSN and KSI to the KSI of the PS domain.
Third step: after the authentication parameters of the target standard have been calculated, they should not be saved to the card at this point. Instead they are held temporarily in a memory area that both NAS and AS can access, and a switching variable is set so that the interface AS uses for access can reach the temporary data area. AS does not have to adjust the interface when it uses it; NAS sets the read switch.
Fourth step: if SRVCC switching succeeds, NAS is responsible for writing the authentication parameters held in the temporary data area into the card and sets the switching variable to read from the card. If SRVCC switching fails, nothing is written to the card; the authentication parameters in the temporary data area are cleared directly and the switching variable is set to the card.
Through these steps, the authentication procedure can be reduced both when falling back to the original standard and in the target standard, which reduces signalling interaction over the air interface.
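The four steps above for the LTE case, as an added Python example that is not part of the patent text. The class and function names, the dictionary standing in for the card and the sample key are constructed for illustration, and keeping the leading 128 bits of the HMAC output for the 128-bit Kc is an assumption, since the text only says the derived key is the 128-bit Kc.

```python
import hashlib
import hmac
from dataclasses import dataclass


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """derived key = HMAC-SHA-256(Key, S), S = FC || P0 || L0 || ... || Pn || Ln."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")  # Li is the two-byte length of Pi
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_ck_ik(kasme: bytes, nas_dl_count: int):
    """Step b): FC = 0x1A, P0 = NAS downlink COUNT (4 bytes, so L0 = 0x00 0x04)."""
    out = kdf(kasme, 0x1A, nas_dl_count.to_bytes(4, "big"))
    return out[:16], out[16:]  # derived key = CK || IK


def c3(ck: bytes, ik: bytes) -> bytes:
    """Step c): Kc = CK1 xor CK2 xor IK1 xor IK2, each part 64 bits."""
    return bytes(a ^ b ^ c ^ d
                 for a, b, c, d in zip(ck[:8], ck[8:], ik[:8], ik[8:]))


def derive_kc128(ck: bytes, ik: bytes) -> bytes:
    """Step d): FC = 0x32, K = CK || IK, no input parameters (Pi, Li)."""
    # Assumption of this example: keep the leading 128 bits of the output.
    return kdf(ck + ik, 0x32)[:16]


@dataclass(frozen=True)
class TargetContext:
    """CS/PS-domain authentication parameters of the target standard."""
    ck: bytes
    ik: bytes
    kc: bytes
    kc128: bytes
    cksn: int
    ksi: int
    new_flag: bool


class Terminal:
    """Hypothetical model of the card, temporary data area and switching variable."""

    def __init__(self, kasme: bytes, nas_dl_count: int, eksi: int):
        self.card = {"kasme": kasme, "nas_dl_count": nas_dl_count,
                     "eksi": eksi, "target_ctx": None}
        self.temp_area = None    # memory shared by NAS and AS
        self.read_from = "card"  # the switching variable

    def on_srvcc_command(self, protected: bool):
        # First step: an unprotected (e.g. emergency) call needs no derivation.
        if not protected:
            return None
        # Second step: read the card and map the LTE context to the target.
        ck, ik = derive_ck_ik(self.card["kasme"], self.card["nas_dl_count"])
        eksi = self.card["eksi"]
        ctx = TargetContext(ck, ik, c3(ck, ik), derive_kc128(ck, ik),
                            cksn=eksi, ksi=eksi, new_flag=False)
        # Third step: stage in the temporary area, do not touch the card yet.
        self.temp_area = ctx
        self.read_from = "temp"
        return ctx

    def active_context(self):
        """What AS gets through its unchanged read interface."""
        if self.read_from == "temp":
            return self.temp_area
        return self.card["target_ctx"]

    def on_handover_result(self, success: bool) -> None:
        # Fourth step: commit to the card only on success.
        if success and self.temp_area is not None:
            self.card["target_ctx"] = self.temp_area
        # The text requires clearing on failure; clearing after a commit as
        # well is this example's choice, so no key copy lingers in memory.
        self.temp_area = None
        self.read_from = "card"


if __name__ == "__main__":
    ue = Terminal(bytes(range(32)), nas_dl_count=5, eksi=3)  # constructed values
    ue.on_srvcc_command(protected=True)
    ue.on_handover_result(success=False)
    print("card after failed switch:", ue.card["target_ctx"])
```

A failed switch leaves the card exactly as it was, which is what lets the terminal fall back to the original standard without a fresh authentication run.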
Present invention also offers a kind of SRVCC switch processing devices, as shown in Fig. 2 described device includes:
SRVCC switching commands acquisition module 10, the SRVCC switching commands for obtaining network side transmission;
Authentication parameter modular converter 20, the speech business for judging current standard ps domain whether carried out encipherment protection with And integrity protection, if so, the ps domain authentication parameter of current standard then is changed into the CS domains authentication parameter and PS into purpose standard Domain authentication parameter;
Authentication parameter processing module 30, for the CS domains authentication parameter of the purpose standard and ps domain authentication parameter to be preserved The ephemeral data area that can be accessed in NAS and AS, and a switching variable is set to the ephemeral data area;
Authentication parameter writing module 40, for when terminal successfully carries out SRVCC switchings, then by the purpose in ephemeral data area The CS domains authentication parameter and ps domain authentication parameter of standard are write in card, and switching variable is set into the reading from card.
When carrying out SRVCC switchings, its current standard can be LTE standards, TD standards, and target standard can be TD or GSM Standard.For example, when being switched to TD or GSM standards by current LTE standards SRVCC, the authentication parameter processing module ought The ps domain authentication parameter of preceding LTE standards is converted to the CS domains authentication parameter of TD or GSM standards and the method bag of ps domain authentication parameter Include:
Card Reader obtains KASME, NAS downlink COUNT value of LTE standards, and eKsi;
IK and Ck is calculated, its calculation formula is derived key=HMAC-SHA-256 (Key, S);
The IK and Ck obtained according to the calculating calculates 64 Kc;
128 Kc are calculated according to the obtained IK and Ck that calculates, its calculation formula is derived key=HMAC- SHA-256 (Key, S);
It is invalid that NewFlag is set to;
CKSN and KSI are set to eKsi.
In another example, when being switched to TD or GSM standards by current TD standards SRVCC, the authentication parameter processing module The method that the ps domain authentication parameter of current TD standards is converted to the CS domains authentication parameter and ps domain authentication parameter of TD or GSM standards Including:
IK and Ck is calculated, its calculation formula is derived key=HMAC-SHA-256 (Key, S);
The IK and Ck obtained according to the calculating calculates 64 Kc;
128 Kc are calculated according to the obtained IK and Ck that calculates, its calculation formula is derived key=HMAC- SHA-256 (Key, S);
It is invalid that NewFlag is set to
CKSN and KSI are set to the KSI of ps domain.
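The LTE-to-TD/GSM conversion listed above, together with the stage-then-commit handling of the ephemeral data area from Step 4, as an added Python example that is not part of the patent. The FC value 0x1A, the layout of S and the XOR construction of the 64-bit Kc are assumptions taken from 3GPP key-derivation conventions rather than from this page; the 128-bit Kc step is not covered, and all class, function and field names are hypothetical.

```python
import hashlib
import hmac

FC_SRVCC = 0x1A  # assumption: FC for KASME -> CK/IK at SRVCC (3GPP TS 33.401 A.12), not on the page


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """derived key = HMAC-SHA-256(Key, S), with S = FC || P0 || L0 || ... (assumed layout)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def convert_lte_context(kasme: bytes, nas_dl_count: int, eksi: int) -> dict:
    """LTE PS-domain context -> target-standard authentication parameters."""
    if len(kasme) != 32:
        raise ValueError("KASME must be 256 bits")
    out = kdf(kasme, FC_SRVCC, nas_dl_count.to_bytes(4, "big"))
    ck, ik = out[:16], out[16:]
    # 64-bit Kc: XOR of the four 64-bit halves of CK and IK (c3 conversion, assumed).
    kc = bytes(a ^ b ^ c ^ d for a, b, c, d in zip(ck[:8], ck[8:], ik[:8], ik[8:]))
    return {"CK": ck, "IK": ik, "Kc": kc, "NewFlag": False, "CKSN": eksi, "KSI": eksi}


class AuthStore:
    """Card contents plus the NAS/AS-shared ephemeral data area and the switching variable."""

    def __init__(self, card: dict):
        self.card = dict(card)
        self.ephemeral = None
        self.switch = "card"

    def stage(self, params: dict) -> None:
        self.ephemeral = dict(params)
        self.switch = "ephemeral"

    def current(self) -> dict:
        return self.ephemeral if self.switch == "ephemeral" else self.card

    def finish(self, success: bool) -> None:
        if self.ephemeral is not None and success:
            self.card.update(self.ephemeral)  # NAS writes the new set to the card
        self.ephemeral = None                 # cleared in both outcomes
        self.switch = "card"


def on_srvcc_command(store: AuthStore, lte_ctx: dict, ps_voice_protected: bool) -> bool:
    """Stage converted parameters only if PS voice was ciphered and integrity protected."""
    if not ps_voice_protected:
        return False
    store.stage(convert_lte_context(lte_ctx["KASME"], lte_ctx["NAS_DL_COUNT"], lte_ctx["eKsi"]))
    return True


# Constructed sample values, not real key material.
SAMPLE_CTX = {"KASME": bytes(range(32)), "NAS_DL_COUNT": 0x123, "eKsi": 3}
OLD_CARD = {"CK": b"\x11" * 16, "IK": b"\x22" * 16, "Kc": b"\x33" * 8,
            "NewFlag": False, "CKSN": 1, "KSI": 1}

if __name__ == "__main__":
    store = AuthStore(OLD_CARD)
    on_srvcc_command(store, SAMPLE_CTX, ps_voice_protected=True)
    print("during switching:", store.switch, store.current()["Kc"].hex())
    store.finish(success=False)
    print("after failed switching:", store.switch, store.card["Kc"].hex())
```

Because the card is only touched in `finish(True)`, a failed switching leaves the original key set and key identifiers intact, which is what lets the terminal resume in the original standard without a fresh authentication run.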
An embodiment of the present invention also provides a terminal that includes an SRVCC switching processing device. Referring to Fig. 2, the device includes:
an SRVCC switching command acquisition module 10, for obtaining the SRVCC switching command sent by the network side;
an authentication parameter conversion module 20, for judging whether the voice service in the PS domain of the current standard has been ciphered and integrity protected and, if so, converting the PS-domain authentication parameters of the current standard into the CS-domain authentication parameters and PS-domain authentication parameters of the target standard;
an authentication parameter processing module 30, for saving the CS-domain and PS-domain authentication parameters of the target standard in an ephemeral data area that both the NAS and the AS can access, and setting a switching variable to the ephemeral data area;
an authentication parameter writing module 40, for writing the CS-domain and PS-domain authentication parameters of the target standard from the ephemeral data area to the card when the terminal successfully completes the SRVCC switching, and setting the switching variable to read from the card.
When SRVCC switching from the current LTE standard to the TD or GSM standard, the method by which the authentication parameter processing module converts the PS-domain authentication parameters of the current LTE standard into the CS-domain and PS-domain authentication parameters of the TD or GSM standard includes:
reading the card to obtain KASME of the LTE standard, the NAS downlink COUNT value, and eKsi;
calculating IK and Ck, using the formula derived key = HMAC-SHA-256(Key, S);
calculating the 64-bit Kc from the calculated IK and Ck;
calculating the 128-bit Kc from the calculated IK and Ck, using the formula derived key = HMAC-SHA-256(Key, S);
setting NewFlag to invalid;
setting CKSN and KSI to eKsi.
Alternatively, when SRVCC switching from the current TD standard to the TD or GSM standard, the method by which the authentication parameter processing module converts the PS-domain authentication parameters of the current TD standard into the CS-domain and PS-domain authentication parameters of the TD or GSM standard includes:
calculating IK and Ck, using the formula derived key = HMAC-SHA-256(Key, S);
calculating the 64-bit Kc from the calculated IK and Ck;
calculating the 128-bit Kc from the calculated IK and Ck, using the formula derived key = HMAC-SHA-256(Key, S);
setting NewFlag to invalid;
setting CKSN and KSI to the KSI of the PS domain.
The terminal provided by the present invention can hold two sets of authentication parameters during SRVCC switching: one set stored in the card and the other stored in the ephemeral data area. The switching variable controls which set is accessed, so the user does not need to consider which data area is in use. Only after the SRVCC switching has succeeded or failed is it decided whether the authentication parameters in the ephemeral data area are written to the card. Compared with calculating the parameters and writing them directly to the card as soon as SRVCC switching starts, this makes updating more flexible and can reduce signalling exchange with the network.
The above description shows and describes a preferred embodiment of the present invention. As stated earlier, it should be understood that the invention is not limited to the form disclosed herein, which should not be regarded as excluding other embodiments; it can be used in various other combinations, modifications and environments, and can be modified within the scope of the inventive concept described herein through the above teachings or the technology or knowledge of the related field. Changes and modifications made by those skilled in the art that do not depart from the spirit and scope of the invention shall all fall within the protection scope of the appended claims.

Claims (9)

1. An SRVCC switching processing method, characterized by comprising:
after obtaining the SRVCC switching command sent by the network side, the terminal judges whether the voice service in the PS domain of the current standard has been ciphered and integrity protected and, if so, converts the PS-domain authentication parameters of the current standard into the CS-domain authentication parameters and PS-domain authentication parameters of the target standard;
the CS-domain and PS-domain authentication parameters of the target standard are saved in an ephemeral data area that both the non-access stratum (NAS) and the access stratum (AS) can access, and a switching variable is set to the ephemeral data area;
if the terminal judges that the SRVCC switching has succeeded, the NAS writes the CS-domain and PS-domain authentication parameters of the target standard from the ephemeral data area to the card, and the switching variable is set to read from the card.
2. The SRVCC switching processing method as claimed in claim 1, characterized in that, when SRVCC switching from the current LTE standard to the TD or GSM standard, the method of converting the PS-domain authentication parameters of the current LTE standard into the CS-domain and PS-domain authentication parameters of the TD or GSM standard includes:
reading the card to obtain the LTE-standard key of the access security management entity, KASME, the downlink NAS COUNT value of the counter that counts NAS messages between the MME and the terminal, and the security key identifier eKsi;
calculating the UMTS integrity protection key IK and the UMTS encryption key Ck;
calculating the 64-bit GSM encryption key Kc from the calculated IK and Ck;
calculating the 128-bit Kc from the calculated IK and Ck;
setting NewFlag, which indicates whether the key is a new key, to invalid;
setting the UMTS security key identifier CKSN and the GSM security key identifier KSI to the LTE-standard security key identifier eKsi.
3. The SRVCC switching processing method as claimed in claim 2, characterized in that, when SRVCC switching from the current TD standard to the TD or GSM standard, the method of converting the PS-domain authentication parameters of the current TD standard into the CS-domain and PS-domain authentication parameters of the TD or GSM standard includes:
calculating IK and Ck;
calculating the 64-bit Kc from the calculated IK and Ck;
calculating the 128-bit Kc from the calculated IK and Ck;
setting NewFlag to invalid;
setting CKSN and KSI to the KSI of the PS domain.
4. An SRVCC switching processing device, characterized by comprising:
an SRVCC switching command acquisition module, for obtaining the SRVCC switching command sent by the network side;
an authentication parameter conversion module, for judging whether the voice service in the PS domain of the current standard has been ciphered and integrity protected and, if so, converting the PS-domain authentication parameters of the current standard into the CS-domain authentication parameters and PS-domain authentication parameters of the target standard;
an authentication parameter processing module, for saving the CS-domain and PS-domain authentication parameters of the target standard in an ephemeral data area that both the NAS and the AS can access, and setting a switching variable to the ephemeral data area;
an authentication parameter writing module, for writing the CS-domain and PS-domain authentication parameters of the target standard from the ephemeral data area to the card when the terminal successfully completes the SRVCC switching, and setting the switching variable to read from the card.
5. The SRVCC switching processing device as claimed in claim 4, characterized in that, when SRVCC switching from the current LTE standard to the TD or GSM standard, the method by which the authentication parameter processing module converts the PS-domain authentication parameters of the current LTE standard into the CS-domain and PS-domain authentication parameters of the TD or GSM standard includes:
reading the card to obtain KASME of the LTE standard, the NAS downlink COUNT value, and eKsi;
calculating IK and Ck;
calculating the 64-bit Kc from the calculated IK and Ck;
calculating the 128-bit Kc from the calculated IK and Ck;
setting NewFlag to invalid;
setting CKSN and KSI to eKsi;
wherein IK is the UMTS integrity protection key, Ck is the UMTS encryption key, Kc is the GSM encryption key, NewFlag indicates whether the key is a new key, CKSN is the UMTS security key identifier, and KSI is the GSM security key identifier.
6. The SRVCC switching processing device as claimed in claim 5, characterized in that, when SRVCC switching from the current TD standard to the TD or GSM standard, the method by which the authentication parameter processing module converts the PS-domain authentication parameters of the current TD standard into the CS-domain and PS-domain authentication parameters of the TD or GSM standard includes:
calculating IK and Ck;
calculating the 64-bit Kc from the calculated IK and Ck;
calculating the 128-bit Kc from the calculated IK and Ck;
setting NewFlag to invalid;
setting CKSN and KSI to the KSI of the PS domain.
7. A terminal, characterized by comprising an SRVCC switching processing device, the device including:
an SRVCC switching command acquisition module, for obtaining the SRVCC switching command sent by the network side;
an authentication parameter conversion module, for judging whether the voice service in the PS domain of the current standard has been ciphered and integrity protected and, if so, converting the PS-domain authentication parameters of the current standard into the CS-domain authentication parameters and PS-domain authentication parameters of the target standard;
an authentication parameter processing module, for saving the CS-domain and PS-domain authentication parameters of the target standard in an ephemeral data area that both the NAS and the AS can access, and setting a switching variable to the ephemeral data area;
an authentication parameter writing module, for writing the CS-domain and PS-domain authentication parameters of the target standard from the ephemeral data area to the card when the terminal successfully completes the SRVCC switching, and setting the switching variable to read from the card.
8. The SRVCC switching processing device as claimed in claim 7, characterized in that, when SRVCC switching from the current LTE standard to the TD or GSM standard, the method by which the authentication parameter processing module converts the PS-domain authentication parameters of the current LTE standard into the CS-domain and PS-domain authentication parameters of the TD or GSM standard includes:
reading the card to obtain KASME of the LTE standard, the NAS downlink COUNT value, and eKsi;
calculating IK and Ck, using the formula derived key = HMAC-SHA-256(Key, S);
calculating the 64-bit Kc from the calculated IK and Ck;
calculating the 128-bit Kc from the calculated IK and Ck;
setting NewFlag to invalid;
setting CKSN and KSI to eKsi;
wherein IK is the UMTS integrity protection key, Ck is the UMTS encryption key, Kc is the GSM encryption key, NewFlag indicates whether the key is a new key, CKSN is the UMTS security key identifier, and KSI is the GSM security key identifier.
9. The SRVCC switching processing device as claimed in claim 8, characterized in that, when SRVCC switching from the current TD standard to the TD or GSM standard, the method by which the authentication parameter processing module converts the PS-domain authentication parameters of the current TD standard into the CS-domain and PS-domain authentication parameters of the TD or GSM standard includes:
calculating IK and Ck;
calculating the 64-bit Kc from the calculated IK and Ck;
calculating the 128-bit Kc from the calculated IK and Ck;
setting NewFlag to invalid;
setting CKSN and KSI to the KSI of the PS domain.

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN201110387451.1A CN102413467B (en) 2011-11-29 2011-11-29 A kind of SRVCC switching handling methods, device and its terminal
EP12852719.9A EP2787753B1 (en) 2011-11-29 2012-06-29 Method and device for processing srvcc switch, and terminal therefor
US14/368,328 US9445265B2 (en) 2011-11-29 2012-06-29 Method and device for processing SRVCC switching, and terminal
PCT/CN2012/077940 WO2013078858A1 (en) 2011-11-29 2012-06-29 Method and device for processing srvcc switch, and terminal therefor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110387451.1A CN102413467B (en) 2011-11-29 2011-11-29 A kind of SRVCC switching handling methods, device and its terminal

Publications (2)

Publication Number Publication Date
CN102413467A CN102413467A (en) 2012-04-11
CN102413467B true CN102413467B (en) 2017-10-27

Family

ID=45915252

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110387451.1A Active CN102413467B (en) 2011-11-29 2011-11-29 A kind of SRVCC switching handling methods, device and its terminal

Country Status (4)

Country Link
US (1) US9445265B2 (en)
EP (1) EP2787753B1 (en)
CN (1) CN102413467B (en)
WO (1) WO2013078858A1 (en)

Also Published As

Publication number Publication date
US9445265B2 (en) 2016-09-13
WO2013078858A1 (en) 2013-06-06
CN102413467A (en) 2012-04-11
US20150010154A1 (en) 2015-01-08
EP2787753B1 (en) 2019-04-24
EP2787753A1 (en) 2014-10-08
EP2787753A4 (en) 2015-10-14

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant